Ir al contenido principal
Cargando...

Understand and manage security alerts to protect your wallet

MetaMask displays trust signals and security alerts to help you make informed decisions when interacting with tokens, wallet addresses, and websites (dapps).

malicious_address

Trust signals

Trust signals help you understand whether a token, address, or website matches the official identity recognized by the ecosystem. For example, a 'Verified' badge indicates that MetaMask has high confidence that the entity corresponds to the legitimate project or organization it claims to represent.

verified_dapp

Not all legitimate contracts or websites will have a 'Verified' badge. The absence of a 'Verified' indicator does not automatically mean something is unsafe.

información

Trust signals are informational only and do not represent endorsement, approval, or a guarantee of safety.

Security alerts

Security alerts warn you when MetaMask detects signals associated with scams, phishing attempts, impersonation, or other harmful activity.

These alerts may appear as:

  • 'Warning': Potential risk detected
  • 'Malicious': High confidence of harmful activity

Security alerts are designed to help you identify potential threats — but you remain in control of your wallet and transaction decisions.

How to turn security alerts on or off

Security alerts are enabled by default in MetaMask Extension and Mobile! You can turn this off in settings at any time.

  • Click the menu icon in the top-right of your MetaMask
  • Click 'Settings' > 'Security & privacy'
  • Toggle the 'Security Alerts' button based on your preference
Supported networks

Arbitrum • Avalanche • Base • Berachain • Bitcoin • Blast • Bsc • Ethereum • HyperEVM • ImmutableZkEvm • Linea • MetachainOne • Monad • OpBnb • Optimism • Polygon • Scroll • Sei • Soneium • Tron • Zksync

How trust signals and security alerts are generated

MetaMask trust signals and security alerts are powered by a combination of on-chain analysis, ecosystem intelligence, and security partners including Blockaid, along with other threat detection providers.

These systems analyze factors such as:

  • Known phishing domains and scam reports
  • Contract behavior and transaction patterns
  • Impersonation signals (for example, tokens or websites mimicking established projects)
  • On-chain activity associated with malicious campaigns
  • Community and ecosystem reporting

Security classifications are based on risk signals and confidence levels derived from these sources. Classifications are updated over time as new information becomes available.

Transaction simulation

When security alerts are turned on, transactions and signature requests are sent to a MetaMask (EVM) or Blockaid (non-EVM) server to check whether a transaction can result in you losing funds.

These simulations enhance security alerts but do not guarantee detection of all threats. Even though a warning is displayed, you can still confirm the transaction if you choose to.

What should I do if I see a security alert?

If you see a 'Warning':

  • Double-check the URL or contract address
  • Verify through the project’s official channels

Review transaction details carefully and only confirm if you are confident. Fund loss is still a possibility.

If you see 'Malicious':

  • Do not connect your wallet
  • Do not sign transactions
  • Close the site

Malicious classifications indicate a high confidence of scam, phishing, or wallet-draining activity. Interacting may result in loss of funds

How to report a false classification

If you believe something has been classified incorrectly, you can report it using one of the following methods:

Option 1: Report from the alert

Click 'See details' to expand the Blockaid banner > 'Report an issue'

MetaMask Blockaid deceptive request contact

This will open a web page allowing you to submit details of the transaction that you were attempting. Click 'Continue' to proceed, and then you'll be taken to a form. Here you can:

  • Use the text field to add any details you feel are relevant
  • Expand the 'Details' dropdown to view the information about your transaction that will be submitted.

The 'Details' section is automatically populated with data from MetaMask, so you don't need to touch it.

Click 'Submit' to send the report.

Option 2: Contact our support team

Start a conversation with our support team by clicking the chat icon in the bottom-right of this page.

Please include:

  • What was flagged (token, address, or URL)
  • The network (Ethereum, Linea, etc.)
  • Screenshots of the warning or alert
  • Any official links that help verify the entity (project website, documentation, or block explorer page)

  • Comunícate con el equipo de soporte

    Ponte en contacto con nosotros si no encuentras la respuesta en otro lugar. Conectarte nos ayuda a brindarte ayuda más rápida y precisa. Te ahorra tiempo, ya que hay menos preguntas.

    Recommended

    • Reports help improve detection systems and protect the broader ecosystem. Our team reviews reports and updates classifications when appropriate. Reviews may take several business days depending on complexity and verification requirements.

    What do the different alerts mean?

    Token alerts
    • 'Verified': This token matches the official token address recognized by the ecosystem. Verification is not investment advice—it does not mean MetaMask recommends or guarantees the safety or value of the token.

    verified_token

    • 'Warning': This token has been flagged for risk indicators, such as impersonation signals, unusual contract behavior (including unexpected fees), or spam-related distribution activity.
    • 'Malicious': Strong signals suggest this token may be scam-related or harmful.
    Address alerts
    • 'Verified': This address is recognized as the official address for an entity (where available).
    • 'Warning': This address needs additional review. It may be newly deployed, an unverified contract on a block explorer (such as Etherscan), or lack sufficient information to confidently confirm its identity.

    warning_address

    • 'Malicious': Strong signals suggest this address may be associated with scams or harmful activity.
    Website alerts
    • 'Verified': This domain matches the official website identity recognized by the ecosystem (helps reduce phishing/look-alike domains).
    • 'Malicious': Strong signals indicate the site is likely phishing or attempting wallet-draining activity.

    malicious_dapp

    Was this helpful?
    Connect MetaMask to provide feedback
    What is this?
    This is a trial feedback system that uses Verax to record your feedback as onchain attestations on Linea Mainnet. When you vote, submit a transaction in your wallet.